id	summary	reporter	owner	description	type	status	priority	milestone	component	version	resolution	keywords	cc	difficulty
567	Make authentication modular in http-client	sjamaan	sjamaan	"Currently basic and digest auth are hardcoded in http-client. As Thomas Hintz pointed out, there are services like Amazon S3 that have their own homebrew (and less secure...) authentication system which re-uses the ""authorization"" header with a custom scheme.

It would be great if the authentication schemes were extensible so we can cope with those custom schemes without having to add them to a huge pile inside http-client itself. This is not desirable because there may be many of these one-off systems out there, and they're all nonstandard and may even change and disappear over time.

Possibly some of the standard auth stuff can be moved inside intarweb too. Not sure yet."	enhancement	closed	major		extensions		fixed	authentication, authorization, http-client, intarweb